How they know who you are

If Professor Latanya Sweeney has three pieces of information — your birthdate, ZIP Code and gender — she can probably tell you your name. If you’re under the age of 25 and reveal where you were born, she can cobble together almost every digit of your Social Security number. I saw her do it in a class at Harvard last fall. The course was titled “Privacy and Technology,” and by the end of the 10 weeks nothing seemed sacrosanct anymore. Not my Social Security number, not my medical records, not my middle name, nothing.

Sweeney is just one of the parade of characters who make cameo appearances in journalist Adam Tanner’s new book on big data and privacy. Tanner seeks to put between two covers what Sweeney has been preaching in and out of the classroom for years: We shouldn’t feel ambivalent about how new technologies threaten our privacy — instead we ought to be worried. To hear Tanner tell it, the National Security Agency isn’t the greatest threat. American companies are.

Now a research fellow at Harvard’s Institute for Quantitative Social Science, Tanner argues that the combination of cameras, recording devices, online public data and computing power has not only eroded our basic expectations about personal privacy, it has nibbled at the edges of our civil liberties, too. The book provides an insider’s look at the business of assembling, packaging and reselling data, and it uses glittery Las Vegas to show that kind of information at work.

“Las Vegas had become a vast data collection machine,” Tanner writes. “Because of the huge amount of money at stake, casinos have used customer information to innovate in a wide array of activities including direct marketing, loyalty programs, surveillance, and photo recognition technology. Sin City is also a major source of public records because more couples marry here than anywhere else in the United States.”

Never miss a local story.

Sign up today for a free 30 day free trial of unlimited digital access.

The book’s narrative is built around an MIT wunderkind named Gary Loveman, a man who seems to be able to see patterns take shape where others see nothing at all. One of his early research papers in the 1990s argued that adding computers to a business wouldn’t contribute to overall productivity. He called it the Productivity Paradox. And for a time, until computers got faster, he was exactly right. A couple of years later, Loveman, who was by then teaching at Harvard Business School, wrote a paper suggesting that loyalty and satisfaction could dramatically affect what a customer might be worth to a company over a lifetime. His theory: By concentrating on repeat business, a company stood to make more money than with traditional scatter-shot marketing alone. That idea ended up taking him to Vegas.

It began with a letter, Tanner says. In 1995, Loveman sent the chief executive of Harrah’s some unsolicited advice suggesting that the casino use the customer data it already had to beef up its guests’ loyalty. The letter resonated. Harrah’s CEO asked Loveman to leave his teaching position and join the casino’s team. Three years later, Loveman was Harrah’s chief operating officer. “Because he would oversee marketing, Loveman had a simple mandate: use personal data to understand clients better than the competition,” Tanner writes. “By gathering information on millions of customers, he believed the company could lure repeat business, catering offers and promotions to the different tastes of each person.”

Loveman wanted to crunch customer data so that Harrah’s, which officially changed its name to Caesars Entertainment in 2010, could know not only who was entering its casinos but also more precisely who was playing the slots or the blackjack tables, the exact machines they were playing, where they were sitting, and whether they were having an up day or a down one. To get this information, Loveman began trading customer information for perks. Provide details on how often you gamble, where you like to go, what kind of food you like, and in return you get rewards points that can be used for free meals, hotel stays and even chips so you can gamble more. (This pattern should now sound unnervingly familiar.) The idea was not only to win a gambler’s loyalty but also to make sure his favorite hostess was standing there with his favorite drink after he left his favorite suite at the hotel. That kind of customer satisfaction, according to Loveman’s statistical models, would add to the casino’s bottom line.

Las Vegas wasn’t alone in realizing the power of personal data. Young entrepreneurs started going into the data-brokering business, vacuuming up public data and selling it for profit. And Tanner explores the darker forces behind the new industry. Consider Instant Checkmate, which grew out of the online-dating craze. The company was premised on the fact that daters wanted more than an online bio of a potential mate — they wanted a small background check. Instant Checkmate then started to go a bit further and layered on aggressive marketing. Tanner writes that a Florida woman was shocked to find her mug shot appearing in an Instant Checkmate ad next to the caption: “Sometimes the cute ones aren’t so innocent.” She filed a lawsuit this year.

Separately, months later, the Federal Trade Commission charged the company with violating the Fair Credit Reporting Act. It alleged that Instant Checkmate didn’t take “reasonable steps to ensure the reports were accurate or that those coming to the site had a permissible reason to receive such reports.” The company eventually settled without admitting any wrongdoing.

With the exception of Sweeney, who has become one of the preeminent privacy advocates in this country, there are no real heroes in this book. While Loveman dragged his feet and was loath to use third-party data brokers to track his customers, eventually he relented. All the other casinos were doing it, Tanner says Loveman finally decided, so holding back put Caesars at a competitive disadvantage.

Tanner darkly suggests that we have crossed a privacy threshold. We have lost huge swaths of our privacy, and we’re not getting it back. In the words of one of Tanner’s sources, the man who devised the first slot machine to track users via personal identity cards, “We will never have the anonymity that we once had. … Creepiness changes with time. Over time you will come to accept it. It is not going away.”